How to restrict the direct access of folder jsf pages in a JSFWebaplication

Hi All,

I need help regarding restrict direct access off jsf pages in a application.

My jsf pages are placed in pages folder under Web-root directory

I want to access jsf pages throught the application flow only not direct access.

Ex: when i am enter this url in address bar http://localhost:8090/jsf/

it displays the related jsf page

but when i enter http://localhost:8090/jsf/pages/inputname.jsf at present it allowed how to restrict the direct access.

I need to restrict the direct access of jsf pages in pages foler.

I am using JBoss 5.1.

index.jsp

<html>
<body>
<jsp:forward page="/pages/inputname.jsf" />
</body>
</html>

web.xml

<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>

<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>

<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-config.xml</param-value>
</context-param>

<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>


<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup> 1 </load-on-startup>
</servlet>


<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>

</web-app>

faces-config.xml

<?xml version="1.0"?>
<!DOCTYPE faces-config PUBLIC
"-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN"
"http://java.sun.com/dtd/web-facesconfig_1_1.dtd">

<faces-config>
<navigation-rule>
<from-view-id>/pages/inputname.jsp</from-view-id>
<navigation-case>
<from-outcome>greeting</from-outcome>
<to-view-id>/pages/greeting.jsp</to-view-id>
</navigation-case>
</navigation-rule>
<managed-bean>
<managed-bean-name>personBean</managed-bean-name>
<managed-bean-class>jsfks.PersonBean</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
</managed-bean>
</faces-config>

Please help me.

Regards,
Sridhar

All URL requests are "direct access" whether you type them in via the browser's navigation bar, they come in via AJAX, or an HTML GET/POST request. The server has no way of knowing the ultimate origin of a URL request.

So in that sense, you can't do anything.

However, if the idea is to preserve a workflow, you can verify the context at each stage to ensure that the preceding stages were satisfied and redirect back to the start page if they weren't.

Hi,

You can place /pages folder under WEB-INF folder.

resources under WEB-INF cannot be accessed directly

Thanks